The present invention relates to mobile computing and, in particular, to a mechanism enabling modification of the operation of a mobile device when it crosses a country boundary in order to maintain conformance with different countries"" legislative requirements such as cryptographic restrictions or other area-specific communications requirements.
There are differing laws in different countries as to the strength and/or types of cryptography which are allowed, including differences between European countries, with some authorities wanting to ensure that authorised signal interception remains technically feasible. For example, a country may permit use of the RSA cryptographic algorithm with 512 bit keys but not using a key length of 1024 bits, or a country may permit use of DES but not 3DES, or use of any cryptographic algorithms up to 128 bit key length. There are also instances where certain countries are on a prohibited list such that exchanging encrypted data with any enterprises in that country is not permitted.
Mobile devices such as cellular telephones and communications-enabled Personal Digital Assistants (PDAs) are now capable of running application programs in addition to exchanging voice data, and cellular telephones are frequently used as the mechanism for portable computers to connect to a network to exchange data with other computers. Although encryption/decryption is a good idea when carrying out any sensitive transaction, such as an on-line credit-card purchase or an exchange of confidential information, encryption of data flows is particularly important for wireless communications since wireless communications are easier to intercept than communications sent via wired connections.
Any enterprises and individuals wishing to exchange encrypted data in the mobile environment, as well as any enterprise selling mobile computing devices, will soon face the problem of how to ensure that users of mobile computing devices and the parties they exchange data with conform to the legislative cryptography requirements of the countries at each end of the communication link. This is a particular problem since the mobile devices can be moved across country boundaries, such that a static solution would be inadequate. This problem will be faced by, for example, banks with networked computers which enable application programs running on mobile devices to communicate with application programs on the bank""s computer systems and will also be faced by the mobile user. The bank will require a mechanism to ensure conformance to various national laws if its international business is to be approved by regulatory authorities in the respective countries.
U.S. Pat. No. 5,781,628 discloses selectively restricting encryption of communications within a telecommunications network in accordance with prohibitions on encryption for particular countries. U.S. Pat. No. 5,781,628 only discloses disabling encryption capabilities when required and this does not take account of the more subtle cryptographic requirements which are in place in many countries. For example, as noted above, use of cryptographic algorithms may be permitted if the key bit length is no more than a defined maximum or it may be that only certain types of cryptographic algorithm are prohibited.
Furthermore, U.S. Pat. No. 5,781,628 does not disclose any mechanism which enables performance of a selection of cryptographic components with reference to the specific requirements of communicating application programs running on communications devices. Indeed, U.S. Pat. No. 5,781,628 includes no disclosure of any mechanism which takes account of whether encryption is actually required. Although this might appear inessential to the simple determination in U.S. Pat. No. 5,781,628 of whether to disable all cryptographic functions for voice calls (in accordance with the strict legislative requirements of some countries), it does not provide adequate support for communicating application programs which have a required minimum security level. U.S. Pat. No. 5,781,628 does not enable a consideration of both relevant cryptographic restrictions and application requirements and a decision to be made on whether to break a communication connection or proceed with communication using a restricted cryptography level.
Cryptographic requirements are one of many examples of differences between the laws of different countries, and as such are one example of legislative requirements which would benefit from a method and mechanism for ensuring conformance to the different laws for mobile devices. As another example, legislation may prohibit a computing device user from using certain technology within prohibited countries (for example, if that technology is relevant to defence). As a further example, legislation may dictate the language which must be used for financial institutions"" electronic transactions.
The present invention provides a method and a mechanism for dynamically controlling the performance of operations of a mobile device in accordance with legislative requirements of the particular location of the mobile device and in accordance with the requirements of application programs at either end of the communication link. The controlled operations are preferably communication-related operations such as encryption and decryption or applying of digital signatures.
In a first aspect, the invention provides a method and a mechanism that can be used to automatically switch cryptography strength and/or type when mobile computing devices cross country boundaries, or to break the mobile device""s connection in a controlled way. This facilitates conformance of the mobile device""s communications to different countries"" cryptographic requirements.
The country of location of a mobile computing device is determined, and then information is obtained for identifying permitted cryptographic strengths or types for the identified location country. For example, the permitted cryptographic strengths or types may be identified in terms of specific permitted or prohibited algorithm names or key bit lengths. The provided information may also identify other country-specific communication prohibitions or restrictions.
A cryptographic component implementing a permitted algorithm is then selected for encrypting data in accordance with the requirements of the application programs at both ends of the communication and in accordance with the information on cryptographic restrictions, or the communication connection may be broken or the device or its encryption capabilities may be disabled.
In a first embodiment, the invention is implemented in an application service component for a first computing device. The application service component is responsive to an identification of at least the country location of the first computing device to obtain information for identifying cryptographic components which can be used in the identified country without contravening legislative restrictions. The application service component either selects or validates selection of a cryptographic component in accordance with the obtained information and in accordance with communication requirements of a first application program located on the first computing device, for encrypting and decrypting data.
If the first computing device initiated the communication, it then preferably initiates validation of the selection in accordance with communication requirements of a second application program located on a second computing device with which data will be exchanged. The initiation of validation with reference to the second application""s requirements may simply involve sending a request to a second computing device for creation of a communication channel, or may involve an explicit validation request.
Either the step of obtaining information to identify permitted cryptographic components, or the step of selecting or validating selection of a cryptographic component, or a subsequent validation step performed on either the first or second computing device prior to exchange of encrypted data, will also take account of the cryptographic requirements of the location country of the second device so as to ensure conformance with the requirements of the location countries of both the first and second devices.
The present invention""s reference to application requirements in the dynamic selection of cryptographic functions and in the consideration of whether to break a connection has significant advantages over a mechanism which relies solely on facilities of the underlying communications stack to determine whether to enable or disable cryptographic algorithms. The invention according to the preferred embodiment implements a selection mechanism at the application layer of a layered model of communications system functions (e.g. the OSI model) and enables application programs to contribute to a negotiation of cryptographic functions by specifying their requirements, whereas a selection mechanism implemented at the communications layer would not.
Thus, taking account of application requirements and enabling application programs to contribute to the negotiations of which cryptographic algorithms to use or whether to break a connection achieves a negotiation result which is acceptable to the particular applications. When a communicating device crosses a country boundary, some applications may tolerate continued communication and application execution using a different encryption algorithm or using no encryption, whereas other application programs may require the connection to be broken if their specified criteria for the communication channel cannot be maintained. Other rules may require a device to be disabled. In all these cases, referring to the application requirements enables the appropriate action to be taken.
A mechanism implemented at the communications layer would also necessarily be specific to the particular communications support (for example, TCP or GSM specific) whereas the present invention provides a service which is more widely useable since it is not specific to a particular communication support layer.
An application service component according to the invention could be provided as a computer program product comprising computer readable program code recorded on a computer readable recording medium or as an integral component of a computing device.
In a second aspect of the invention, there is provided a method for controlling the operation of a first computing device including: in response to identification of the country location of at least the first computing device, obtaining information of legislative requirements relating to one or more communication operations of the first computing device for the identified country; and selecting or validating selection of an operation sequence in accordance with the obtained information and in accordance with communication requirements of at least a first application program located on the first computing device, for performing the one or more communication operations.
In a third aspect, the invention provides a mobile computing device including software for controlling the operation of the device to ensure conformance to legislative requirements of the current location of the device, the software controlling the device to execute processes to respond to identification of the country location of at least the mobile computing device by obtaining information of legislative requirements relating to one or more communication operations of the mobile computing device for the identified country, and to select or validate selection of an operation sequence in accordance with the obtained information and in accordance with communication requirements of at least a first application program located on the mobile computing device, for performing the one or more communication operations.
In a fourth aspect, the invention provides a computing apparatus for interoperating with a mobile computing device, the computing apparatus including software for controlling the operation of the computing apparatus to ensure conformance to legislative requirements of both the location of the computing apparatus and of the current location of the mobile computing device, the software controlling the apparatus to execute processes to respond to identification of the country location of the mobile computing device by obtaining information of legislative requirements relating to one or more communication operations for the identified country location of the mobile device and legislative requirements relating to the one or more communication operations for the country location of the computing apparatus, and to select or validate selection of an operation sequence in accordance with the obtained information and in accordance with communication requirements of at least a first application program located on the mobile computing device, for performing the one or more communication operations.
In a preferred embodiment of the invention, creation of a communications channel involves a first selection of a cryptographic component for encrypting and decrypting data sent across that channel. This is followed by subsequent checking of the validity of cryptographic functions, performed as a passive operation which is triggered by certain predefined events. Such an event may be a location determination identifying the crossing of a country boundary which then causes a mobile device to raise an interrupt prompting the application program to check the validity of cryptographic components for the new country combination.
In an alternative embodiment, an active process is used in which a country location determination is performed and then a list of permitted cryptographic functions (or a list of cryptographic restrictions for identifying permitted cryptographic components) is obtained and checked whenever data is to be encrypted for transmission.
There are many mechanisms which may be used for identifying a mobile device""s location. In an embodiment of the invention for cellular telephones, the telephone passes a country query to the cellular network operating system either in response to receipt of a new broadcast cell identifier which is a notification that the telephone has moved, or periodically, or whenever data is to be exchanged. The cellular network operating system then manages a database retrieval operation to map the cell identifier to a specific country. In another embodiment, the Global Positioning System (GPS) is used to identify a device""s location by polling satellites whenever encrypted data is to be exchanged.